openSUSE Security Update : qemu (openSUSE-SU-2013:1202-1)
Medium Nessus Plugin ID 75088
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For now mask all file mode bits for 'group' and 'others' in become_daemon(). Temporarily, for compatibility reasons, stick with the 0666 file-mode in case of files newly created by the 'guest-file-open' QMP call. Do so without changing the umask temporarily.
QEMU was updated to 1.1.2 on openSUSE 12.2, and 1.3.1 on openSUSE 12.3.
SolutionUpdate the affected qemu packages.